Oliver Rochford

Oliver Rochford is the Vice President of Security Evangelism at DFLabs. Oliver is a recognized expert on threat and vulnerability management as well as cyber security monitoring and operations management. He previously worked as research director at Gartner. He has worked as a security practitioner and white hat hacker for Tenable Network Security®, HP Enterprise Security Services, Verizon Business, Secunia® (now Flexera Software), Qualys®, and Integralis (now part of NTT Com Security).

In an era of rapidly evolving threats and emerging technology, with the resulting shortfall of actionable evidence and lack of certainty, hypothesizing is the closest we can get to prediction.

The more sober truth is that Artificial Intelligence is like the dancing bear at a circus. We are not fascinated because the bear dances well – because it doesn't. We are fascinated that the bear dances at all.

Security automation is highly desirable. But this desire has been inhibited by doubt about the accuracy of the detection of threats, and fear of the consequences of automating the containment or mitigation responses.

Einstein is often quoted as having said that insanity is doing the same thing again and again and expecting a different result. When it comes to cybersecurity, based on that definition, we must all be insane.

As the “Snowden leaks” continue in their revelations and unraveling of the twisted web of government surveillance, it is becoming clear that the foundation of trust in the Internet as a shared commons has been thoroughly undermined.

Der Spiegel reports that the cyber-attack against the half state-owned telecommunications provider Belgacom was an operation executed by the UK's GCHQ, based on documents from the Snowden leak archive.

When the Chinese government states that it is not behind most of these attacks, it is possibly telling the truth. That the Chinese government has offensive cyber capabilities is not disputed. What is not a given is that all of this activity has been officially prompted or sanctioned.

It remains to be seen how the big powers will come to agree on the precise rules to govern cyber operations – currently the international legal status is uncertain, but the little players had better concentrate on improving old and developing new defensive measures.

Cyberwar, at least the type where infrastructure or actual lives are targeted and destroyed, will not just happen for the fun of it. There are consequences to any such activity, as recent policy activity and the statements of policy makers make clear.

One of the main criticisms that opponents of the Cyberwar Meme raise is that much of the reporting on the subject is sensationalist, or worse, war- or fear-mongering. Aside from implying that anyone warning about the dangers of cyberwarfare has ulterior motives, it also implies that there is no real danger.

Oliver makes the case for why the way that security awareness training is often approached is flawed. But if done in the right way, Security Awareness Training can provide a lot of value and benefit the security posture greatly.

What can security professionals learn from the history of the Romans? Best practices do not just apply in times of crisis. They must be followed always, because attempting to adopt them when the crisis has already hit is too late.

Information Security Professionals hold a power that few people understand, and correspondingly, an accompanying obligation and responsibility to use that power ethically and in the best interest of society.

What if Government Regulation focused on creating a realistic framework to outline and enforce security standards that vendors, manufacturers and producers have to follow and that stipulates minimum security quality requirements?

The term "technical debt" was coined by Ward Cunningham to describe the effect of skimping during the design and implementation phase of software. So how did the technical debt bubble affect information security?

To a security guru, GRC feels like a waste of time. It will provide artificial challenges that make a difficult task even harder, with very little gain or advantage in return other than a report containing lists of items with a marked checkbox.